Move the downgrade sentinel declarations to a header file
authorMatt Caswell <matt@openssl.org>
Fri, 24 Mar 2017 09:57:21 +0000 (09:57 +0000)
committerMatt Caswell <matt@openssl.org>
Fri, 24 Mar 2017 14:07:11 +0000 (14:07 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

ssl/s3_lib.c
ssl/ssl_locl.h
ssl/statem/statem_lib.c

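--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
 
+/* TLSv1.3 downgrade protection sentinel values */
+const unsigned char tls11downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
+};
+const unsigned char tls12downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
+};
+
 /*
  * The list of available ciphers, mostly organized into the following
  * groups:
@@ -4030,13 +4038,6 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
     }
 #ifndef OPENSSL_NO_TLS13DOWNGRADE
     if (ret) {
-        static const unsigned char tls11downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
-        };
-        static const unsigned char tls12downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
-        };
-
         assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
         if (dgrd == DOWNGRADE_TO_1_2)
             memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,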
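Review bot: The new file-scope definitions of `tls11downgrade` and `tls12downgrade` are declared `[]` while the header (ssl_locl.h section) now declares them `[8]`; nothing checks the two sizes against each other across translation units, so a longer initializer list here would silently leave every `sizeof(tls12downgrade)` taken through the header (presumably what statem_lib.c now relies on) reporting the old length. Give the definitions the same explicit bound, `const unsigned char tls11downgrade[8] = {` and `const unsigned char tls12downgrade[8] = {`, so an over-long initializer is rejected at compile time. The definitions are also unconditional while the only visible use, inside ssl_fill_hello_random, sits under `#ifndef OPENSSL_NO_TLS13DOWNGRADE`, which is harmless but worth one word in the comment. The comment could also say what the bytes encode, e.g. `/* "DOWNGRD" followed by 0x00 (TLS1.1 or below) or 0x01 (TLS1.2), written into the trailing bytes of the hello random */`. ssl_fill_hello_random starts and ends outside the hunk.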
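--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1865,6 +1865,9 @@ typedef enum tlsext_index_en {
 /* A dummy signature value not valid for TLSv1.2 signature algs */
 #define TLSEXT_signature_rsa_pss                                0x0101
 
+/* TLSv1.3 downgrade protection sentinel values */
+extern const unsigned char tls11downgrade[8];
+extern const unsigned char tls12downgrade[8];
 
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 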
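Review bot: The `[8]` bound on the new extern declarations is load-bearing but undocumented: any translation unit that takes `sizeof(tls11downgrade)` or `sizeof(tls12downgrade)` through this header gets its answer from this line, not from the definition in s3_lib.c, which is presumably why statem_lib.c could drop its own copies. The comment should say so, e.g. `/* TLSv1.3 downgrade protection sentinel values; the bound is part of the contract, keep it equal to the definitions in s3_lib.c since callers use sizeof() on these declarations */`.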
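--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1726,14 +1726,6 @@ int ssl_choose_client_version(SSL *s, int version, int checkdgrd, int *al)
     for (vent = table; vent->version != 0; ++vent) {
         const SSL_METHOD *method;
         int err;
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
-        static const unsigned char tls11downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
-        };
-        static const unsigned char tls12downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
-        };
-#endif
 
         if (vent->cmeth == NULL)
             continue;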